SQL Authentication

enthusiastic-elephant · February 15, 2024, 8:31am

Hi! I’m trying to follow the guide on authentication using SQL (https://hilla.dev/docs/react/guides/security/spring-login)

The guide suggests overriding configure, but no such method seem to exist in VaadinWebSecurity.

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
...

What is the correct way to work around this issue?

joint-pug · February 16, 2024, 8:49am

Hi, you are right, that is definetly mistake in Hilla docs. Will create a issue for this.
As for what is the correct way of implementing auth with SQL -
If you need to provide users from DB then you can create new UserDetailsManager bean like here:
https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter#jdbc-authentication

enthusiastic-elephant · February 16, 2024, 9:19am

Thanks Kriss! I’ll look into that

enthusiastic-elephant · February 18, 2024, 10:24am

If anyone runs in to this same problem in future, here’s the most important part that got me further:

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth)
                        throws Exception {
                auth.userDetailsService(userDetailsService);
        }

motivated-porcupine · February 23, 2024, 12:36pm

I am having some issues too. I was trying to learn how to develop with Hilla.
I am making a Student Portal, and I have a Postgres Database and I was following the Docs, until I noticed that issue.

I set up my User Entity, and I also have a UserDetail Class which implements UserDetails from springboot security.

I also set up my CustomUserDetailService which implements UserDetailsService and allows me to use my repository to find users by Username and added the annotation @BrowserCallable.

In the security config I am using this as my DetailService as suggested above.

I am confused how to pass my service into Auth.ts file, as shown in the example (UserInfo and UserInfoService).

With my Service I get an error when Auth tries to access my Method to pass Authenticated user information from the Service.

The Documentation didn’t help me too much.
Sorry if it sounds silly, but it’s been couple of days that I can’t figure it out and looked at several docs around.

joint-pug · February 23, 2024, 1:21pm

What kind of error you are getting?

motivated-porcupine · February 23, 2024, 2:33pm

It is an access denied error which comes from my custom user detail service implementing Spring Security UserDetailsService.

joint-pug · February 23, 2024, 2:34pm

Do you still have the @PermitAll ?

joint-pug · February 23, 2024, 2:39pm

You can also enable:
logging.level.org.springframework.web=DEBUG
To see more detailed info for the the error
(in the application.properties)

motivated-porcupine · February 23, 2024, 2:40pm

I think it was @anonymousallowed. I’m trying to check with that now and change it accordingly.

joint-pug · February 23, 2024, 2:43pm

It would be beneficial to know why exactly the “access denied error” is returned - is it something with Roles or is there another problem

motivated-porcupine · February 23, 2024, 2:55pm

I can confirm that the problem is solved by allowing @BrowserCallable and
@AnonymousAllowed and by using the UserInfo as per example.

motivated-porcupine · February 23, 2024, 2:56pm

Thank you for your help.